cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Defending Australia against the rise of ransomware

Global ransomware attacks have risen sharply as cyber criminals continue to refine their strategies, tactics and methods.

user iconReporter
Wed, 27 Jul 2022
Defending Australia against the rise of ransomware
expand image

The consistent and widespread, international scope of ransomware has impacted on all aspects of security, from individuals, businesses, critical infrastructure, education, health and government. The ACSC forecasts that the uptick in ransomware incidents will remain a common threat in Australia and globally due to cyber criminals’ success.

In May, the Conti hacking group launched a cyber attack on Costa Rica forcing the South American country to declare a state of emergency after the Russian hacking cartel claimed credit for the attack that crippled tax collection and export systems unless it was paid a ransom of $20 million. At the time, newly elected Costa Rica President Rodrigo Chaves declared his country at war with the Conti ransomware gang less than a week in office.

We’re at war and this is not an exaggeration, Chaves told local media at the time.


The war is against an international terrorist group, which apparently has operatives in Costa Rica.

There are very clear indications that people inside the country are collaborating with Conti, Chaves added.

Conti went as far as urging the citizens of Costa Rica to pressure their government to pay a $20 million ransom, threatening to overthrow the government via cyber attack. Conti’s assault on the Costa Rican government began in April 2022. The countrys Finance Ministry was the first hit by the Russia-linked hacking group, and in a statement on 16 May, Chaves said the number of institutions impacted had since grown to 27. According to Reuters, Chaves admitted that the cyber attack will impact the country’s foreign trade.

While the ACSC affirms that Australia remains the safest place to connect online, more can, and should be done to bolster the nation’s cyber security defences. According to an ASPI Strategist report by Rachel Falk, CEO of the Cyber Security Cooperative Research Centre and co-author of Exfiltrate, encrypt, extort: the global rise of ransomware and Australia’s policy options, ransomware attacks are now a global epidemic and Australia is a prime target.

“Bringing a huge organisation to a grinding halt can cost as little as $66—the measly outlay for some ‘advanced’ ransomware tools sold on the dark web.

“It’s a low cost for a potentially lucrative reward.

“On the flipside, the cost for victims to respond and recover from ransomware attacks can run into many millions,” Falk wrote.

Ransomware-as-a-service (RaaS)

In an interview with Cyber Security Connect, Bob Huber, chief security officer at Tenable, noted the impact of RaaS on both private and government organisations not only causes financial damage but severe reputational damage as well.

“Theres a true impact to the business or the organisation, whether its for profit or not.

“Cyber is now a risk that threatens the business and all aspects of the business, whether thats strategic, financial, reputational, or whether its brand, they can all be impacted by cyber events.

“I think whats become apparent is theres a critical element of society that is largely at risk, and they dont have the ability to manage risk.”

Tenable has found the self-sustaining ransomware industry earned $692 million from collective attacks in 2020, and attributes the shift to the subscription economy which has created a new norm in the “as-a-service world”.

According to Satnam Narang, senior staff research engineer at Tenable, organisations need to prepare and defend themselves in this critical security climate.

Its imperative that these entities prepare themselves in advance, so they are in the best position possible to defend against and respond to ransomware attacks,” Narang added.

Due to the advent of ransomware-as-a-service (RaaS), ransomware has prospered. Tenable has found that the service model has significantly reduced the barrier of entry, allowing cyber criminals who lack the technical skills to commoditise ransomware.

“Attackers are finding holes in our current defences and profiting from them,” Narang further explained.

So long as the ransomware ecosystem continues to thrive, so too will the attacks against organisations and governments,” Narang said.

Tackling the proliferation of ransomware

According to Faulk, traditional law enforcement won’t be sufficient in tackling cyber crime due to geography but suggests the implementation of policy that uplifts cyber security.

“There are domestic policy levers that can be pulled to support cyber security uplift across the economy.

“Such action is essential because the grim reality is that, when it comes to ransomware, prevention is the best response.

“There needs to be greater clarity regarding the legality of ransomware payments, increased transparency when attacks do occur, the adoption of a mandatory reporting regime and incentivisation for businesses to bolster their cyber defences through tax, procurement and subsidy measures,” Falk said.

New Australian SOCI Act reforms

Cyber security has become an increasingly important area of law, due to its broad, all-encompassing impact. Speaking with The Lawyers Weekly Show, Melissa Tan, head of cyber insurance and a litigation and dispute resolution lawyer specialising in insurance law, discussed the importance of protecting critical infrastructure and its direct link to national security.

“It is such an important area only because it cuts across every industry, every size of business, and every individual, it really does not discriminate.

“So, I think it can be very overwhelming when you try to manage a risk that’s called cyber risk because you probably don’t know where to start,” Tan added.

Discussing the full package of reforms to the Security of Critical Infrastructure Act 2018 (SOCI Act) on a podcast by Cyber Security Connect’s sister brand, Lawyers Weekly, Tan explained that the changes aim to protect Australia’s critical infrastructure as the name suggests.

“In Australia, the government defines the critical infrastructure as physical facilities, supply chains, information technologies, and communication networks which, if destroyed, degraded, or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation, or affect Australia’s ability to conduct national defence and ensure national security.

“From these key words in this definition, you can tell that critical infrastructure really refers to any sector or any industry which can really impact on the livelihood of Australia as a whole, and the economic and social wellbeing of the citizens within Australia.

“Anything that you can think of that will impact our livelihood, be it utilities, like electricity or gas, or transport, or just food, the basic necessity for survival and healthcare,” Tan further explained.

Tan, who is a partner at independent Australian law firm Lander & Rogers, has extensive experience advising both local and international insurers on a wide range of coverage and liability issues in both litigated and non-litigated matters.

“The idea behind it is that for a nation like Australia or any other country, or any other nation, to be able to survive and defend itself, it needs to protect these different industries which are considered critical for the survival of the country.

“They [reforms] are so extensive, but I think the critical point to understand is that they have that cyber element to them because the idea is to tackle the cyber security risk that are increasingly faced by critical infrastructure in Australia,” Tan said.

Offense over defence

According to the ACSC, investing in preventative cyber security measures is more cost effective than the comparative costs incurred when attempting to recover from a ransomware incident. Keeping regular offline backups of business-critical data and patching known security vulnerabilities routinely are steps that can significantly reduce an organisations vulnerability to ransomware attacks.

According to Faulk, establishing a dedicated cross-departmental ransomware taskforce would be a smart move, noting that a version of the ransomware unit in the US Department of Justice could prove to be beneficial here in Australia.

“While there’s no doubt that organisations must take responsibility for ensuring that their cyber security posture is up to scratch, there are practical and easily implementable steps the government can take to provide clarity, guidance and support.

“In Australia, the threat’s right here, right now and isn’t going away.

“There’s a key role for the Australian government to play in leading the way, but tackling ransomware is a shared responsibility,” Faulk said.

The ACSC advises against paying ransoms and emphasises that all sectors and individuals with information of value are potential targets for cyber criminals seeking opportunities for financial gain. The sharp increase in global ransomware attacks and its continuing presence making these incidents commonplace is a serious red flag and there should be a plan to effectively combat it.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.